The Second Payments Services Directive or PSD2 will bring tremendous changes to the payments world in the coming months. But what does it mean for risk managers?
That’s one issue we grappled with at FICO’s recent EMEA Risk Leadership Forum. Today I believe we have more questions than answers.
Bear in mind that the goal of PSD2 is to enable customer migration and incent market competition. It’s the finance equivalent of being able to keep your phone number when you switch providers. That’s fantastic if you’re a new entrant, not so fantastic if you’re a bank being forced to share your accounts’ details with new competitors.
But PSD2 is more than just open banking. It creates two new players – the Payment Initiation Services Provider (PISP) and the Account Information Services Provider (ASIP). While most banks will be one or both of these, so will many other market participants, such as retailers, telecommunication providers and fintechs.
With my risk manager hat on, I have a new set of challenges. Here are five questions I believe risk managers should be exploring:
1. Will I lose visibility of data I need to make risk decisions?When a customer makes a payment on their credit or debit card, the PISP will take those funds from my accounts. If my bank isn’t the PISP, I won’t see what those funds were for, just the amount of the transaction. This could impact both the decision on that transaction and my overall understanding of the customer’s risk.
2. How will I use the new data that’s available?I will lose transactional data, but I will also have available new data on payments that my bank never saw before. This includes… Analyzing this data could enrich my customer risk models, if I’m prepared to seize and analyse it.
3. How will AISP counselling affect my customers’ payments?In the new scheme, ASIPs will be counselling their customers on polymorphic payments, and may also provide budget and debt counselling. Since most customers will be unfamiliar with polymorphic payments, this counselling has the potential to change their payment patterns — which could change their payment risk as well.
4. Will there be a new class of “credit traders”?Remember the balance transfer craze when credit card competition was at its fiercest? Some savvy people realized they could avoid paying by moving their card balances to new cards, and moving again when the interest payments were due to start. PSD2 could create a similar opportunity, as AISPs incent customers to migrate balances or accounts — this might affect the profitability of a portfolio, and also the risk makeup. A portfolio stuffed with newly migrated accounts attracted by competitive pricing or no-interest offers might behave very differently from one full of established accounts who didn’t migrate.
5. How can I make sure confused consumers don’t misunderstand their obligations?When payments are divorced from single credit or debit accounts, consumers may simply lose track of how they paid for things, especially if PISPs and AISPs offer them the opportunity to turn a simple credit card or debit card transaction into an instalment loan. This could affect not only customers’ understanding of what funds are leaving their accounts and when, which in turn could cause people to become over-indebted. My colleague Sarah Rutherford posted just last week on consumer confusion and PSD2.
Answering these questions goes well beyond the technical infrastructure needed to comply with PSD2. And just to make things more complicated, banks must implement PSD2, IFRS 9 and GDPR at the same time. FICO's Bruce Curry has noted that these new regulations sometimes conflict.
My FICO colleagues and I are helping our customers – banks and others — think through the practicalities and possibilities of PSD2 and other regulations from every perspective, including the risk manager’s perspective. I encourage you to give us a call.